Vulnerability: DedeCMS 5.7 SP2 - Cross-Site Scripting
DedeCMS 5.7 SP2 is vulnerable to cross-site scripting via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATH_INFO to /member/index.php, /member/pm.php, /member/content_list.php, or /plus/feedback.php.
Impact
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the victim’s browser, leading to session hijacking, defacement, or theft of sensitive information.
Severity
medium
Verified
Unknown